DPDP Compliance at IvaBuddy

IvaBuddy processes your personal data only for the purposes explicitly described in our Privacy Policy and with your informed consent at the time of registration. We do not process data for undisclosed or incompatible purposes.

We provide clear notice of what data we collect, why we collect it, and how it is used — before collection. Our Privacy Policy is written in plain language and is accessible at any time.

Your consent is sought through a clear, voluntary, and specific mechanism. You can withdraw consent at any time by contacting us or by deleting your account. Withdrawal of consent will result in cessation of processing (with limited exceptions for legal obligations).

As a Data Fiduciary, IvaBuddy: (a) ensures accuracy of personal data; (b) implements security safeguards (AES-256 encryption, TLS 1.3, access controls); (c) deletes data after purpose is served or consent is withdrawn; (d) notifies the Data Protection Board and affected users within 72 hours of a data breach.

You can request a summary of all personal data processed by IvaBuddy at any time by emailing privacy@ivabuddy.com. We respond within 30 days as required.

You can update your personal information directly in your IvaBuddy account settings. To request complete erasure (right to be forgotten), contact privacy@ivabuddy.com. We will delete all personal data within 30 days, subject to legal retention requirements.

We have appointed a Grievance Officer (details below) who responds to all complaints within 48 hours. Unresolved complaints can be escalated to the Data Protection Board of India.

IvaBuddy does not knowingly collect personal data from children under 18 years of age without verifiable parental consent. Our service is intended for business use by adults.

All IvaBuddy data is stored and processed exclusively in India (Mumbai and Delhi data centers). We do not transfer personal data outside India.